Permission based on roles

Hi, I'm a bit hesitant how to tackle this, should i use just middleware based upon just the role of the user or should i use a table in my data base to store this, and with the several middlewares validate the permission for any request of the user, any suggestions how to approach this problem?